Description

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

PUBLISHED Reserved 2024-12-20 | Published 2025-04-21 | Updated 2025-04-21 | Assigner OpenText




MEDIUM: 5.6 | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status: unaffected

20.2-25.1: affected

Credits

Hussein Bahmad (NTT Data), finder

References

support.opentext.com/...henticated&sysparm_article=KB0839121

cve.org (CVE-2024-12863)

nvd.nist.gov (CVE-2024-12863)
